Retrieval of data across multiple partitions of a storage device using digital signatures

ABSTRACT

A system and method for exchanging data among partitions of a storage device is disclosed. For example, data stored in a first partition is exchanged with an application included in the first partition or with a second application included in a second partition. In one embodiment, the second application is associated with a global certificate while the first application is associated with a different platform certificate. A verification module included in the first partition receives a request for data and determines if the request for data is received from the first application. If the request for data is not received from the first application, the verification module determines whether the request is received from the second application and whether the global certificate is an authorized certificate. For example, the verification module determines whether the global certificate is included in a listing of authorized certificates.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.13/168,932, filed Jun. 24, 2011, which is hereby incorporated byreference herein in its entirety.

FIELD OF THE DISCLOSURE

The present disclosure relates generally to data retrieval and moreparticularly to exchanging data between partitions of a storage deviceusing digital certificate permissions.

BACKGROUND

Computing devices such as smartphones, tablet computers and/or netbookcomputers are becoming increasingly powerful and increased networkconnectivity allows these computing devices to provide a wide range offunctionalities and acquire an increased amount of data. While certainapplications or processes may be pre-installed on a computing device,users are increasingly able to further increase a computing device'sfunctionality by retrieving additional applications, processes or datafrom third-party providers. To prevent impairment caused by applicationsor data retrieved from a third-party provider, computing devices ofteninclude multiple partitions to segregate pre-installed applications orprocesses from applications or data retrieved from a third-partyprovider.

However, an application or data retrieved from a third-party providermay need to access data included in a partition separate from thepartition including the data or application. Conventional approachesprevent an application or data retrieved from a third-party providerfrom accessing data or applications stored in certain partitions, suchas a partition including pre-installed applications or data. This accesslimitation reduces the functionality of the data or applicationsretrieved from the third-party provider.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying figures, where like reference numerals refer toidentical or functionally similar elements throughout the separateviews, together with the detailed description below, are incorporated inand form part of the specification, and serve to further illustrateembodiments of concepts that include the claimed invention, and explainvarious principles and advantages of those embodiments.

FIG. 1 is a block diagram of a computing system in accordance with someembodiments.

FIG. 2 is a block diagram of a computing device in accordance with someembodiments.

FIG. 3A is a functional block diagram of a storage device of a computingdevice in accordance with some embodiments.

FIG. 3B is a functional block diagram of a storage device of a computingdevice in accordance with some alternate embodiments.

FIG. 4 is an event diagram of a method for retrieval of stored data byone or more applications in accordance with some embodiments.

FIG. 5 is an event diagram of an alternative method for retrieval ofstored data by one or more applications in accordance with someembodiments.

Skilled artisans will appreciate that elements in the figures areillustrated for simplicity and clarity and have not necessarily beendrawn to scale. For example, the dimensions of some of the elements inthe figures may be exaggerated relative to other elements to help toimprove understanding of embodiments of the present invention.

The apparatus and method components have been represented whereappropriate by conventional symbols in the drawings, showing thespecific details that are pertinent to understanding the embodiments ofthe present invention so as not to obscure the disclosure with detailsthat will be readily apparent to those of ordinary skill in the arthaving the benefit of the description herein.

DETAILED DESCRIPTION

A system and method for exchanging data among a first partition of astorage device and a second partition of a storage device is disclosed.For example, data stored in a first partition, such as a secured orsystem partition, is exchanged with an application included in the firstpartition or with a second application included in a second partition,such as an unsecured or data partition. In one embodiment, the secondapplication included in the second partition is associated with a globalcertificate while the first application included in the first partitionis associated with a different platform certificate. In one embodiment,a verification module included in the first partition receives a requestfor data. Responsive to determining that the request for data isreceived from the first application in the first partition, theverification module communicates the requested data to the firstapplication. If the request for data is received from the secondapplication in the second partition, the verification module determineswhether the global certificate associated with the second application isan authorized certificate. For example, the verification moduledetermines whether the global certificate is included in a listing ofauthorized certificates. Responsive to determining that the globalcertificate is an authorized certificate, the verification modulecommunicates the requested data to the second application.

In the following description, for purposes of explanation, numerousspecific details are set forth to provide a thorough understanding ofthe invention. However, it will be apparent to one skilled in the artthat the invention can be practiced without these specific details. Inother instances, structures and devices are shown in block diagram formin order to avoid obscuring the invention.

System Overview

FIG. 1 is a block diagram of one embodiment of a computing system 100.In the embodiment shown by FIG. 1, the computing system 100 includes acomputing device 110, one or more servers 120A, 120N (also referred toindividually and collectively using reference number 120), a third-partyprovider 130 and a network 140. However, in different embodiments, thecomputing system 100 may include different and/or additional componentsthan those depicted in FIG. 1.

The computing device 110 is any device with data processing and datacommunication capabilities. Examples of a computing device 110 include asmartphone, a tablet computer, a netbook computer, a laptop computer, adesktop computer or any other suitable device. The computing device 110receives data or processes from one or more servers 120A, 120N and/orfrom a third-party provider 130 via the network 140. In one embodiment,the computing device 110 receives executable data or instructions fromthe third-party provider 130 via the network 140 that, when executed bythe computing device 110, execute an application enabling userinteraction with content. The application may store, retrieve or modifydata included in the computing device 110 and/or exchange data withanother computing device 110, a server 120 and/or a third-party provider130. As further described below in conjunction with FIGS. 2-5, thecomputing device 110 may include data in different partitions andimplement a method, such as the method described below, to allow anapplication to access data included in a different partition. Thecomputing device 110 is further described below in conjunction with FIG.2.

Servers 120A, 120N are computing devices having data processing and datacommunication capabilities that exchange data with the computing device110 via the network 140. For example, a server 120 communicates data tothe computing device 110 to update an application stored on thecomputing device or communicates data to the computing device 110 foruse by one or more applications or processes executed by the computingdevice 110. A server 120 may push data to the computing device 110 viathe network 140 and/or a computing device 110 may pull data from aserver 120 via the network 140.

The third-party provider 130 is a computing device having dataprocessing and data communication capabilities that includes data orinstructions that, when executed by a processor, implement one or moreapplications. In one embodiment, the third-party provider 130communicates the data or instructions for implementing an application tothe computing device 110 via the network, so that the application islocally executed by the computing device 110. Additionally, thethird-party provider 130 may also include data used by an applicationwhen the application is executed by the computing device 110. In oneembodiment, the computing device 110 retrieves an application from thethird-party provider 130 responsive to the application being identifiedby a marketplace or other data repository accessible by the computingdevice 110.

The network 140 is a conventional type for data and/or voicetransmission. In various embodiments, the network 140 is a wirednetwork, a wireless network or a combination of wireless and wirednetworks. The network 140 may have any number of configurations such asa star configuration, a token ring configuration or anotherconfiguration known in the art. Furthermore, the network 140 maycomprise a local area network (LAN), a wide area network (WAN) (e.g.,the Internet), and/or any other interconnected data path across whichmultiple devices may communicate. In yet another embodiment, the network140 may be a peer-to-peer network. The network 140 may also be coupledto or includes portions of a telecommunications network for sending datain a variety of different communication protocols. For example, thenetwork 140 may transmit voice data using one or more of a Global Systemfor Mobile (GSM) communication system, Code Division Multiple Access(CDMA) system, Universal Mobile Telecommunications System (UMTS) or anyother suitable protocols. The network 140 may also transmit data usingone or more of General Packet Radio Service (GPRS), third-generation(3G), or greater, mobile network, fourth-generation (4G), or greater,mobile network, High Speed Download Packet Access (HSDPA), High SpeedUplink Packet Access (HSUPA), Long-Term Evolution (LTE), WorldwideInteroperability for Microwave Access (WiMax) or any other suitableprotocol. In yet another embodiment, the network 140 includes Bluetoothcommunication networks or a cellular communications network for sendingand receiving data such as via short messaging service (SMS), multimediamessaging service (MMS), hypertext transfer protocol (HTTP), direct dataconnection, wireless application protocol (WAP), email or other types ofdata known in the art.

FIG. 2 is a block diagram of one embodiment of a computing device 110.In the embodiment shown by FIG. 2, the computing device 110 includes aprocessor 210, a storage device 220, an input device 230, a displaydevice 240, an output device 250 and a communication unit 260 that arecoupled together via a bus 205. However, in different embodiments, thecomputing device 110 may include different and/or additional componentsthan those illustrated by FIG. 2.

The processor 210 processes data or instructions and may comprisevarious computing architectures. For example, the processor 210 mayprocess data or instructions using a complex instruction set computer(CISC) architecture a reduced instruction set computer (RISC)architecture, an architecture implementing a combination of instructionsets or any other suitable instruction set. Although FIG. 2 shows asingle processor 210, in other embodiments, the computing device 110 mayinclude multiple processors. The processor 210 transmits, processesand/or retrieves data from the storage device 220, the input device 230,the display device 240, the output device 250 or the communication unit260.

The storage device 220 stores data and/or instructions that, whenexecuted by the processor 210, cause the processor 210 to perform one ormore steps or to provide one or more types of functionality. The dataand/or instructions included in the storage device 220 may comprisecomputer-readable code that, when executed by the processor 210,performs the methods described herein and/or provides the functionalitydescribed herein. The storage device 220 may comprise a dynamic randomaccess memory (DRAM), a static random access memory (SRAM), a hard diskan optical storage device, a magnetic storage device, a ROM (Read OnlyMemory), a PROM (Programmable Read Only Memory), an EPROM (ErasableProgrammable Read Only Memory), an EEPROM (Electrically ErasableProgrammable Read Only Memory) a Flash memory or another memory deviceknown in the art. The storage device 220 may be a persistent storagedevice, a non-persistent storage device or a combination of a persistentstorage device and a non-persistent storage device in variousembodiments. The storage device 220 is coupled to the processor 210, theinput device 230, the display device 240, the output device 250 and thecommunication unit 260 via the bus 205. Example embodiments of thestorage device 220 are further described below in conjunction with FIGS.3A and 3B.

The input device 230 is any device configured to receive input from auser of the computing device 110 and communicate the received input tothe processor 210, to the storage device 220 or to another component ofthe computing device 110. For example, the input device 230 comprises acursor controller, a touch-sensitive display or a keyboard. In oneembodiment, the input device 230 includes an alphanumeric input device,such as a keyboard, a key pad, representations of such created on atouch-sensitive display or another device adapted to communicateinformation and/or commands to the processor 210 or to the storagedevice 220. In another embodiment, the input device 230 comprises aninput device for communicating positional data as well as data orcommands to the processor 210 or to the storage device 220 such as ajoystick, a mouse, a trackball, a stylus, a touch-sensitive display,directional keys or another suitable input device known in the art.

The display device 240 is a device that displays electronic imagesand/or data. For example, the display device 240 comprises an organiclight emitting diode display (OLED), a liquid crystal display (LCD) orany other device such as a monitor. In one embodiment, the displaydevice 240 includes a touch-sensitive transparent panel for receivingdata or allowing other interaction with the images and/or data displayedby the display device 240.

The output device 250 comprises one or more devices that convey data orinformation to a user of the computing device 110. For example, theoutput device 250 includes one or more speakers or headphones forpresenting audio data to a user. As another example, the output device250 includes one or more light emitting diodes (LEDs) or other lightsources to provide visual data to a user. As another example, the outputdevice 250 includes one or more devices for providing vibrational, orhaptic, feedback to a user. The above are merely examples of outputdevices 250 and the output device 250 may include one or more devicesfor providing auditory output, tactile output, visual output, anycombination of the preceding or any other suitable form of output.

The communication unit 260 transmits data from the computing device 110to the network 140 or to other computing devices 110 and/or receivesdata from the network 140 or from other computing devices 110. In oneembodiment, the communication unit 260 comprises a wireless transceiverthat transmits and/or receives data using one or more wirelesscommunication protocols. For example, the communication unit 260includes one or more wireless transceivers transmitting and/or receivingdata using one or more wireless communication protocols, such as IEEE802.11a/b/g/n (WiFi), Global System for Mobile (GSM) communicationsystem, Code Division Multiple Access (CDMA) system, Universal MobileTelecommunications System (UMTS), General Packet Radio Service (GPRS),third-generation (3G), or greater, mobile network, fourth-generation(4G), or greater, mobile network, High Speed Download Packet Access(HSDPA), High Speed Uplink Packet Access (HSUPA), Long-Term Evolution(LTE), Worldwide Interoperability for Microwave Access (WiMax),BLUETOOTH® or another wireless communication protocol. In anotherembodiment, the communication unit 260 is a network adapter forcommunicating with the network 140 or with another computing device 110using a wired communication protocol, such as Universal Serial Bus(USB), Ethernet or another suitable wired communication protocol. In yetanother embodiment, the communication unit 260 comprises a combinationof one or more transceivers and a wired network adapter, or similarwired device.

FIGS. 3A and 3B are functional block diagrams illustrating componentsstored in a storage device 220 in according to various embodiments. InFIGS. 3A and 3B, the storage device 220 includes two partitions,identified herein for purposes of illustration as the system partition222 and the data partition 224; however, in other embodiments, thestorage device 220 may also include additional partitions. Additionally,the techniques described herein may be applied to a storage device 220having at least a first partition and a second partition. The systempartition 222 stores secured data, and/or applications associated with acertificate and limits access to the secured data to applications orprocesses associated with the same certificate as the data orapplications stored by the system partition 222. In one embodiment, thedata or applications stored in the system partition 222 are associatedwith a platform certificate that is derived from predetermined criteria,such as the type of the computing device 110, the manufacturer of thecomputing device 110, a carrier providing network access to thecomputing device 110 or other suitable criteria. Thus, access to data orapplications stored in the system partition 222 is limited toapplications or processes also associated with the platform certificate.In conventional implementations, this limits access to data orapplications stored in the system partition 222 to other data orapplications stored in the system partition 222.

However, users of computing devices 110 increasingly retrieve, ordownload, applications from third-party providers 130 to enhance thefunctionality of a computing device 110. For example, applicationsproviding specialized functionality, such as task management, weatherforecasting, document generation or other tasks, are retrieved from athird-party provider 130 via the network 140 and then stored in thestorage device 220. Conventionally, applications from third-partyproviders 130, also referred to herein as “third-party applications” or“unsecured applications,” are stored in a partition of the storagedevice 220 different from the system partition 222. For example, athird-party application 310 is stored in a data partition 224 of thestorage device 220. The data partition 224 is an unsecured portion ofthe storage device 220, including applications or data associated withdifferent certificates. In conventional implementations, differentapplications or data retrieved from third-party providers 130 areassociated with different certificates that differ from the platformcertificate associated with data and/or applications in the systempartition 222. This difference between platform certificate andapplication certificate prevents applications or data retrieved from athird-party provider 130 from accessing data or applications stored inthe system partition 222.

FIG. 3A depicts a block diagram of an embodiment of a storage device 220where a third-party application 310 is stored in the data partition 224and a client-server interface 320, an operating system 330, a data store340 and an authorized application 350 are stored in the system partition222. For purposes of illustration, FIG. 3A identifies examples of datasharing between different components using lines coupled to differentcomponents.

The third-party application 310 is code and/or instructions that, whenexecuted by the processor 210, allow interaction with content using thecomputing device 110. For example, the third-party application 310displays images using the display device 240 or provides audio, hapticor other feedback via one or more output devices 250. In embodiments,the third-party application 310 also receives data using one or moreinput devices 230 or receives data or content via the communication unit260. In the embodiment shown by FIG. 3A, the third-party application 310is associated with a global certificate 312, which is a digitalcertificate associating a key with an entity, such as a certificateauthority, using a digital signature. The global certificate 312 allowsverification that the third-party application 310 is associated with anentity or is trusted by an entity.

In one embodiment, a permission is associated with the globalcertificate to denote the ability of the third-party application 310 toaccess data or applications stored by the storage device 220. Forexample, the global certificate 312 is associated with a signaturepermission. The signature permission allows a third-party application310 to exchange data with other applications or data that are signedwith the same digital signature that was used to generate the globalcertificate 312 and preventing the third-party application 310 fromexchanging data with applications or data signed with a differentdigital signature than the signature generating the global certificate312.

The client-server interface 320 is code and/or instructions that, whenexecuted by the processor 210, manages exchange of data between one ormore servers 120A, 120N and the computing device 110. In one embodiment,the client-server interface 320 updates data stored by the storagedevice 220, such as data stored in the data store 340. For example, theclient-server interface 320 synchronizes data between one or moreservers 120 and one or more authorized applications 350 or third-partyapplications 310, schedules timing of data synchronization between aserver 120 and authorized application 350 or a third-party application310, generates notification messages, manages one or more identifiersassociated with the computing device 110, communicates video or imagedata from the computing device 110 to one or more servers 120, provideslocation-based services or performs other suitable processes. Hence, theclient-server interface 320 manages communication between the computingdevice 110, including applications executing on the computing device110, and one or more servers 120.

The client-server interface 320 is also associated with the globalcertificate 312, which associates the client-server interface 320 with akey associated with an entity, such as a certificate authority, using adigital signature. In one embodiment the client-server interface 320associates a system or signature permission with the global certificate312. The system or signature permission allows an application signedwith the same digital signature used to generate the global certificate312 to access the client-server interface 320 while also allowing anapplication or data residing in the same partition as the client-serverinterface, the system partition 222 in the examples of FIGS. 3A and 3B,to access the client-server interface 320. By associating the system orsignature permission with the global certificate 312, the client-serverinterface allows data or applications having the same signature as thesignature associated with the global certificate 312 to access theclient-server interface 320 while also allowing applications or dataresiding in the system partition 222 to access the client-serverinterface 320. This increases the accessibility of the client-serverinterface 320 to applications or data within the data partition 224associated with the global certificate 312 while maintaining theaccessibility of the client-server interface to applications or datastored in the system partition 222.

In the embodiment shown by FIG. 3A, the client-server interface 320includes an authentication module 315, which is code or instructions,that when executed by the processor 210, determines whether athird-party application 310 or an authorized application 350 ispermitted to retrieve data from the data store 340, access theclient-server interface 320 or retrieve data from another portion of thesystem partition 222. In one embodiment, the authentication module 315determines whether an application is permitted to access the data store340 or the client-server interface 320 based on properties of acertificate associated with the application. For example, if theclient-server interface 320 associates a system or signature permissionwith the global certificate 312, the authentication module 315determines whether an application requesting data or requestingcommunication with the client-server interface 320 resides in the systempartition 222 or is associated with the same digital signature as theclient-server interface 320. The authentication module 315 then allowsaccess to data or to the client-server interface if the application fromwhich a request is received is stored in the system partition 222 or isassociated with the global certificate 312. Operation of theauthentication module 315 is further described below in conjunction withFIG. 4.

The operating system 330 comprises data or instructions that, whenexecuted by the processor 210, interfaces between one or more componentsof the computing device 110 and an application or process which mayreceive data from a user. In one embodiment, the operating system 330manages and coordinates use and sharing of computing device 110resources. Additionally, the operating system 330 provides anenvironment in which applications are executed on the computing device110, in which data stored by the computing device 110 is accessed ormodified and in which data is stored by the computing device 110. Forexample, the operating system 330 communicates data to or from anapplication, such as an authorized application 350 or a third-partyapplication 310, to or from the data store 340. In one embodiment, theoperating system 330 receives requests for data from a third-partyapplication 310 or an authorized application 350, retrieves therequested data from the data store 340 and communicates the requesteddata from the data store 340 to the authorized application 350 or to thethird-party application 310. In an embodiment, the operating system 330may also determine whether a certificate associated with an applicationis authorized to retrieve data from the data store 340 prior toretrieving the requested data.

The data store 340 is a portion of the storage device 220 where data ismaintained. For example, the data store 340 may include configurationdata used by the operating system 330, applications or datapre-installed by a computing device 110 manufacturer or a carrierproviding the computing device 110 with access to a network 140.

The authorized application 350 is code and/or instructions that, whenexecuted by the processor 210, allow interaction with content using thecomputing device 110 or exchange data with one or more components of thecomputing device 110. In one embodiment, an authorized application 350presents content to a user via the display device 240 or one or moreoutput devices 250. Alternatively, the authorized application 350communicates data or instructions between one or more components of thecomputing device 110 or communicates data or instructions between thecomputing device 110 and one or more servers 120 via the client-serverinterface 320.

In the embodiment shown by FIG. 3A, the authorized application 350 isassociated with a platform certificate 322, which is a digitalcertificate that uses a digital signature to associate a key with anentity, such as a computing device 110 manufacturer, a service provider,a carrier providing the computing device 110 with access to a network140 or another suitable entity. Because the global certificate 312differs from the platform certificate 322, the signature of the globalcertificate 312 and the platform certificate 322 are different. Theauthorized application 350 communicates with the authentication module315 to retrieve data from the data store 340 or to communicate with theclient-server interface 320. However, because the client-serverinterface 320 associates a system or signature permission with theglobal certificate, the authentication module 315 allows the authorizedapplication 350 to exchange data with the client-server interface 320and/or retrieve data from the data store 340 because both theclient-server interface 320 and the authorized application 350 areincluded in the system partition 222.

FIG. 3B shows an alternative embodiment of a storage device 220 where athird-party application 310 is stored in the data partition 224 and aclient-server interface 320, an operating system 330, a data store 340,an authorized application 350, a verification module 360 and acertificate store 370 are stored in the system partition 222. Forpurposes of illustration, FIG. 3B identifies examples of data sharingbetween different components using lines coupled to differentcomponents. The third-party application 310, the client-server interface320, the data store 340 and the authorized application 350 are furtherdescribed above in conjunction with FIG. 3A.

In the embodiment shown by FIG. 3B, the system partition 222 includes averification module 360, which is code or instructions, that whenexecuted by the processor 210, determines whether a third-partyapplication 310 or an authorized application 350 is permitted toretrieve data from the data store 340 or to access the client-serverinterface 320. Responsive to receiving a request to access data or anapplication included in the system partition 222 or receiving a requestto communicate with the client-server interface, the verification module360 determines a certificate associated with the application from whichthe request is received. In one embodiment, the authentication module315 determines whether an application is permitted to access the datastore 340 or the client-server interface 320 based on properties of acertificate associated with the application.

For example, the verification module 360 determines whether theapplication from which the request was received is stored in the systempartition 222. Responsive to determining the application from which therequest was received is stored in the system partition 222, theverification module 360 communicates the request to the appropriatedestination, such as to the data store 340 or to the client-serverinterface 320, and communicates data from the destination to theapplication from which the request was received. Responsive todetermining the application from which the request was received is notstored in the system partition 222, the verification module 360determines whether a signature associated with the certificateassociated with the application from which the request was received anddetermines is associated with an application from which a request is tobe allowed. For example, the verification module 360 determines whethera hash value associated with the certificate associated with theapplication from which the request was received is stored in acertificate store 370. The requested data is retrieved or the requestedaction is performed responsive to the hash value, or another suitableattribute associated with the certificate associated with theapplication from which the request was received, being included in thecertificate store 370. Operation of the verification module 360 isfurther described below in conjunction with FIG. 5.

The certificate store 370 includes identifiers of certificatesassociated with applications, or other processes, which are authorizedto retrieve data from the system partition 222 or are authorized tocommunicate with the client-server interface 320. In one embodiment, thecertificate store 370 includes a hash value obtained from differentcertificates, so that if the hash value of a certificate is included inthe certificate store 370, an application or process associated with thecertificate store is permitted to access the system partition 222. Inone embodiment, the certificate store 370 receives the identifiers froma server 120. Additionally, the certificate store 370 may be updated tomodify the certificates which are permitted to access the systempartition 222. For example, identifiers associated with certificates maybe removed from the certificate store 370 or added to the certificatestore 370 to modify the ability of applications to access data stored inthe system partition 222.

In the embodiment shown by FIG. 3B, the third-party application 310 isassociated with a global certificate 312, as described above inconjunction with FIG. 3A, and the authorized application 350 isassociated with a platform certificate 322, as described above inconjunction with FIG. 3A. Because the verification module 360 determineswhether to permit access to data in the system partition 222 or to theclient-server interface 320 based on either the location of theapplication requesting access or the signature of the applicationrequesting access, the third-party application 310 and the authorizedapplication 350 are both able to access data in the system partition 222and the client-server interface 320. Further, the embodiment shown inFIG. 3B shows the certificate store 370 and the data store 340 alsoassociated with the platform certificate 322 because they are stored inthe system partition 222.

Methods

FIG. 4 is an event diagram of one embodiment of a method 400 foraccessing secured data by applications. Initially, FIG. 4 illustratesretrieval of secured data from a first partition, such as the systempartition 222, by a third-party application 310. As further describedabove in conjunction with FIG. 3A, the third-party application 310 isassociated with a global certificate 312 and is stored in a secondpartition, such as the data partition 224, of a storage device 220. Thethird-party application transmits 405 a request for data to theauthentication module 315, which is stored in the system partition 222of the storage device 220. In one embodiment, such as the embodimentshown in FIG. 3A, the authentication module 315 is included in theclient-server interface 320.

Responsive to receiving the request for data, the authentication module315 verifies 410 that the third-party application 310 is associated withthe global certificate 312. For example, the authentication module 315verifies 410 that the signature of the digital certificate associatedwith the third-party application 310 is the signature of the globalcertificate 312. Responsive to verifying 410 the global certificate 312is associated with the third-party application 310, the authenticationmodule 315 transmits 415 the request for data to the operating system330, which then retrieves the requested data from the data store 340 andtransmits 420 the data from the data store to the third-partyapplication 310.

FIG. 4 also illustrates use of the authentication module 315 by anauthorized application 350 to retrieve data from the data store 340. Asshown above in FIGS. 3A and 3B, the authorized application 350 isincluded in the first partition, such as the system partition 222, ofthe storage device 220 and associated with a platform certificate 322.Initially, the authorized application 350 transmits 425 a request fordata to the authentication module 315.

Responsive to receiving the request for data, the authentication module315 verifies 430 that the request for data was received by anapplication stored in the system partition 222. While the client-serverinterface 320, which includes the authentication module 315, is signedwith the global certificate 312, the client-server interface 320associates a system or signature permission with the global certificate312. This allows the third-party application 310 to retrieve data fromthe system partition 222 because it is also associated with the globalcertificate while allowing the authorized application 350 to retrievedata from the system partition 222 because it is stored in the systempartition 222 itself.

Responsive to verifying 430 that the request for data was received froman authorized application 350 included in the system partition 222, theauthentication module 315 transmits 435 the request for data to theoperating system 330, which then retrieves the requested data from thedata store 340 and transmits 440 the data from the data store 340 to theauthorized application 350.

FIG. 5 is an event diagram of one embodiment of an alternative methodfor accessing secured data by an application 510. In the example shownby FIG. 5, the application 510 may be either an authorized application350 or a third-party application 310, as FIG. 5 illustrates exampleoperation of the verification module 360 in determining whether accessto secured data is permitted.

Initially, the application 510 transmits 505 a request for data to theverification module 360, which is included in a first partition, such asthe system partition 222 as shown by FIG. 3B. The verification module360 then determines 515 whether the application is stored in the systempartition 222. Responsive to determining 515 that the application 510 isstored in the system partition 222, the verification module 360retrieves 517 the data. For example, the verification module 360transmits the data request to the operating system 330 which thenretrieves the data from the data store 340. As another example, theverification module 360 transmits the data request to the client-serverinterface 320, which retrieves the requested data from a server 120.

Responsive to determining that the application 510 is not stored in thefirst partition, such as the system partition 222, of the storage device220, the verification module 360 determines 520 the signature associatedwith the application 510. For example, the verification module 360determines 520 the signature associated with a digital certificateassociated with the application 510. In one embodiment, if theapplication 510 is a third-party application 310, the verificationmodule 360 determines 520 the signature associated with the globalcertificate 312. After determining 520 the signature associated with theapplication 510, the verification module 360 transmits 525 the signatureto the certificate store 370, which determines 530 whether the signatureis stored. If the signature associated with the application 510 isstored, the certificate store 370 transmits 550 a key associated withthe signature to initiate data retrieval. For example, the certificatestore 370 transmits 550 the key to the operating system 330 to retrievedata from the data store 340 or transmits 550 the key to theclient-server interface 320 to retrieve data from a server 120, or tootherwise access a server 120.

If the signature associated with the application 510 is not stored inthe certificate store 370, the certificate store 370 transmits 535 arequest for an updated certificate listing to the client-serverinterface 320, when then requests 540 an updated certificate listingfrom a server 120 or from another data source. After receiving theupdated certificate listing, the client-server interface 320 transmits545 the updated certificate listing to the certificate store 370. Thecertificate store 370 then determines whether the signature associatedwith the application is included in the updated certificate listing. Ifthe signature associated with the application is included in the updatedcertificate listing, the certificate store 370 transmits 550 the keyassociated with the signature as described above. If the signature isnot included in the updated certificate listing, the data is notretrieved and the certificate store 370 notifies the verification module360 that the signature is not stored by the certificate store 370. Inone embodiment, the verification module 360 may transmit a message ornotification that the data cannot be retrieved back to the application510.

Thus, the verification module retrieves the requested data if theapplication 510 is included in the system partition 222 of the storagedevice 220 or if the signature associated with the application isincluded in the certificate store 370.

In the foregoing specification, specific embodiments have beendescribed. However, one of ordinary skill in the art appreciates thatvarious modifications and changes can be made without departing from thescope of the invention as set forth in the claims below. Accordingly,the specification and figures are to be regarded in an illustrativerather than a restrictive sense, and all such modifications are intendedto be included within the scope of present teachings.

The benefits, advantages, solutions to problems, and any element(s) thatmay cause any benefit, advantage, or solution to occur or become morepronounced are not to be construed as a critical, required, or essentialfeatures or elements of any or all the claims. The invention is definedsolely by the appended claims including any amendments made during thependency of this application and all equivalents of those claims asissued.

Moreover in this document, relational terms such as first and second,top and bottom, and the like may be used solely to distinguish oneentity or action from another entity or action without necessarilyrequiring or implying any actual such relationship or order between suchentities or actions. The terms “comprises,” “comprising,” “has”,“having,” “includes”, “including,” “contains”, “containing” or any othervariation thereof, are intended to cover a non-exclusive inclusion, suchthat a process, method, article, or apparatus that comprises, has,includes, contains a list of elements does not include only thoseelements but may include other elements not expressly listed or inherentto such process, method, article, or apparatus. An element proceeded by“comprises . . . a”, “has . . . a”, “includes . . . a”, “contains . . .a” does not, without more constraints, preclude the existence ofadditional identical elements in the process, method, article, orapparatus that comprises, has, includes, contains the element. The terms“a” and “an” are defined as one or more unless explicitly statedotherwise herein. The terms “substantially”, “essentially”,“approximately”, “about” or any other version thereof, are defined asbeing close to as understood by one of ordinary skill in the art, and inone non-limiting embodiment the term is defined to be within 10%, inanother embodiment within 5%, in another embodiment within 1% and inanother embodiment within 0.5%. The term “coupled” as used herein isdefined as connected, although not necessarily directly and notnecessarily mechanically. A device or structure that is “configured” ina certain way is configured in at least that way, but may also beconfigured in ways that are not listed.

It will be appreciated that some embodiments may be comprised of one ormore generic or specialized processors (or “processing devices”) such asmicroprocessors, digital signal processors, customized processors andfield programmable gate arrays (FPGAs) and unique stored programinstructions (including both software and firmware) that control the oneor more processors to implement, in conjunction with certainnon-processor circuits, some, most, or all of the functions of themethod and/or apparatus described herein. Alternatively, some or allfunctions could be implemented by a state machine that has no storedprogram instructions, or in one or more application specific integratedcircuits (ASICs), in which each function or some combinations of certainof the functions are implemented as custom logic. Of course, acombination of the two approaches could be used.

Moreover, an embodiment can be implemented as a computer-readablestorage medium having computer readable code stored thereon forprogramming a computer (e.g., comprising a processor) to perform amethod as described and claimed herein. Examples of suchcomputer-readable storage mediums include, but are not limited to, ahard disk, a CD-ROM, an optical storage device, a magnetic storagedevice, a ROM (Read Only Memory), a PROM (Programmable Read OnlyMemory), an EPROM (Erasable Programmable Read Only Memory), an EEPROM(Electrically Erasable Programmable Read Only Memory) and a Flashmemory. Further, it is expected that one of ordinary skill,notwithstanding possibly significant effort and many design choicesmotivated by, for example, available time, current technology, andeconomic considerations, when guided by the concepts and principlesdisclosed herein will be readily capable of generating such softwareinstructions and programs and ICs with minimal experimentation.

The Abstract of the Disclosure is provided to allow the reader toquickly ascertain the nature of the technical disclosure. It issubmitted with the understanding that it will not be used to interpretor limit the scope or meaning of the claims. In addition, in theforegoing Detailed Description, it can be seen that various features aregrouped together in various embodiments for the purpose of streamliningthe disclosure. This method of disclosure is not to be interpreted asreflecting an intention that the claimed embodiments require morefeatures than are expressly recited in each claim. Rather, as thefollowing claims reflect, inventive subject matter lies in less than allfeatures of a single disclosed embodiment. Thus the following claims arehereby incorporated into the Detailed Description, with each claimstanding on its own as a separately claimed subject matter.

What is claimed is:
 1. A method for data retrieval across multiplepartitions, the method comprising: receiving, from a first application,a request for data stored in a first partition of a storage device,wherein the first application is included in a second partition of thestorage device and wherein the first partition of the storage deviceincludes a second application; in response to receiving the request,comparing a first signature of a global certificate that is associatedwith the first application with a second signature of the globalcertificate that is associated with the second application; based on thecomparison indicating that the first signature of the global certificateassociated with the first application and the second signature of theglobal certificate associated with the second application match, using akey from the global certificate associated with the first application toidentify the data from a data store included in the first partition; andtransmitting the data from the data store included in the firstpartition to the first application.
 2. The method of claim 1, furthercomprising: determining that the first application is included in thesecond partition of the storage device and not the first partition ofthe storage device; and in response to determining that the firstapplication is included in the second partition of the storage deviceand not included in the first partition of the storage device,determining whether the first application is authorized to access thedata associated with the first partition.
 3. The method of claim 2,wherein the comparison further comprises: retrieving the first signatureof the global certificate that is associated with the first application;retrieving the second signature of the global certificate that isassociated with the second application; and determining whether thefirst signature differs from the second signature.
 4. The method ofclaim 1, further comprising retrieving the key from the receivedrequest.
 5. The method of claim 1, further comprising, inhibiting thedata from being exchanged with the first application in response to thecomparison indicating that the first signature of the global certificatethat is associated with the first application and the second signatureof the global certificate that is associated with the second applicationdo not match.
 6. A system for data retrieval across multiple partitions,the system comprising: a hardware processor; a storage device coupled tothe hardware processor, the storage device including a first partition,a second partition, and instructions that, when executed by the hardwareprocessor, cause the processor to: receive, from a first application, arequest for data stored in a first partition of a storage device,wherein the first application is included in a second partition of thestorage device and wherein the first partition of the storage deviceincludes a second application; in response to receiving the request,compare a first signature of a global certificate that is associatedwith the first application with a second signature of the globalcertificate that is associated with the second application; based on thecomparison indicating that the first signature of the global certificateassociated with the first application and the second signature of theglobal certificate associated with the second application match, use akey from the global certificate associated with the first application toidentify the data from a data store included in the first partition; andtransmit the data from the data store included in the first partition tothe first application.
 7. The system of claim 6, wherein the hardwareprocessor is further configured to: determine that the first applicationis included in the second partition of the storage device and not thefirst partition of the storage device; and in response to determiningthat the first application is included in the second partition of thestorage device and not included in the first partition of the storagedevice, determine whether the first application is authorized to accessthe data associated with the first partition.
 8. The system of claim 7,wherein the hardware processor is further configured to: retrieve thefirst signature of the global certificate that is associated with thefirst application; retrieve the second signature of the globalcertificate that is associated with the second application; anddetermine whether the first signature differs from the second signature.9. The system of claim 6, wherein the hardware processor is furtherconfigured to retrieve the key from the received request.
 10. The systemof claim 6, wherein the hardware processor is further configured toinhibit the data from being exchanged with the first application inresponse to the comparison indicating that the first signature of theglobal certificate that is associated with the first application and thesecond signature of the global certificate that is associated with thesecond application do not match.
 11. A non-transitory computer-readablemedium containing computer-executable instructions that, when executedby a hardware processor, cause the process to perform a method for dataretrieval across multiple partitions, the method comprising: receiving,from a first application, a request for data stored in a first partitionof a storage device, wherein the first application is included in asecond partition of the storage device and wherein the first partitionof the storage device includes a second application; in response toreceiving the request, comparing a first signature of a globalcertificate that is associated with the first application with a secondsignature of the global certificate that is associated with the secondapplication; based on the comparison indicating that the first signatureof the global certificate associated with the first application and thesecond signature of the global certificate associated with the secondapplication match, using a key from the global certificate associatedwith the first application to identify the data from a data storeincluded in the first partition; and transmitting the data from the datastore included in the first partition to the first application.
 12. Thenon-transitory computer-readable medium of claim 11, wherein the methodfurther comprises: determining that the first application is included inthe second partition of the storage device and not the first partitionof the storage device; and in response to determining that the firstapplication is included in the second partition of the storage deviceand not included in the first partition of the storage device,determining whether the first application is authorized to access thedata associated with the first partition.
 13. The non-transitorycomputer-readable medium of claim 12, wherein the method furthercomprises: retrieving the first signature of the global certificate thatis associated with the first application; retrieving the secondsignature of the global certificate that is associated with the secondapplication; and determining whether the first signature differs fromthe second signature.
 14. The non-transitory computer-readable medium ofclaim 11, wherein the method further comprises retrieving the key fromthe received request.
 15. The non-transitory computer-readable medium ofclaim 11, wherein the method further comprises inhibiting the data frombeing exchanged with the first application in response to the comparisonindicating that the first signature of the global certificate that isassociated with the first application and the second signature of theglobal certificate that is associated with the second application do notmatch.